Category Archives: Ansible

All About Ansible Vault

This blog is about using ansible vault. Vault is a way to encrypt subtle information in Ansible scripts.

A distinctive Ansible setup comprises some sort of secret to fully setup a server or application. The common types of “secret” include passwords, SSH keys, SSL certificates, API tokens and whatever which the user do not want the public to see.

Since it is common to store Ansible configurations in version control, we need a way to store confidential data securely.

Ansible Vault is the answer to this. Ansible Vault can encrypt anything inside of a YAML file, using a password of the user choice.

USING ANSIBLE VAULT

A classic use of Ansible Vault is to encrypt variable files. Vault can encrypt any YAML file, but the most common files to encrypt are:

* Files within the group_vars directory
* A role’s defaults/main.yml file
* A role’s vars/main.yml file
* Any other file used to store variables.

ENCRYPTING AN EXISTING FILE

The characteristic use case is to have a normal, plaintext variable file to encrypt. Using ansible-vault, we can encrypt and define the password needed to decrypt later:

The ansible-vault command will request the user for a password twice. Once that is done, the file will be encrypted. If the user edits the file directly, the user will just see encrypted text. It will be something like this:

What is a Ansible Tower?

Ansible Tower (formerly ‘AWX’) is a web-based solution that makes Ansible even more easy to use for IT teams of all kinds. It’s designed to be the hub for all of your automation tasks.

Tower allows you to control access to who can access what, even allowing sharing of SSH credentials without someone being able to transfer those credentials. Inventory can be graphically managed or synced with a wide variety of cloud sources. It logs all of your jobs, integrates well with LDAP, and has an amazing browsable REST API. Command line tools are available for easy integration with Jenkins as well. Provisioning callbacks provide great support for autoscaling topologies.

What are ansible playbooks?

Playbooks express configuration, deployment, and orchestration in Ansible. The Playbook format is in the form of YAML. Each Playbook maps a group of hosts to a set of roles. Each role is represented by calls to Ansible call tasks.